👉Get Full PDF
| Question.71 You have an Azure subscription named Subscription1 that contains the storage accounts shown in the following table:  You plan to use the Azure Import/Export service to export data from Subscription1. You need to identify which storage account can be used to export the data. What should you identify? (A) Storage1 (B) Storage2 (C) Storage3 (D) Storage4 |
71. Click here to View Answer
Answer is (D) Storage4
Azure Import/Export service supports the following of storage accounts:
– Standard General Purpose v2 storage accounts (recommended for most scenarios)
– Blob Storage accounts
– General Purpose v1 storage accounts (both Classic or Azure Resource Manager deployments),
Azure Import/Export service supports the following storage types:
– Import supports Azure Blob storage and Azure File storage
– Export supports Azure Blob storage. Azure Files not supported.
Only storage4 can be exported.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-requirements
| Question.72 You have Azure Storage accounts as shown in the following exhibit.  Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.  |
72. Click here to View Answer
Box 1: storageaccount1 and storageaccount2 only
Box 2: All the storage accounts
Note: The three different storage account options are: General-purpose v2 (GPv2) accounts, General-purpose v1 (GPv1) accounts, and Blob storage accounts.
– General-purpose v2 (GPv2) accounts are storage accounts that support all of the latest features for blobs, files, queues, and tables. – Blob storage accounts support all the same block blob features as GPv2, but are limited to supporting only block blobs. – General-purpose v1 (GPv1) accounts provide access to all Azure Storage services, but may not have the latest features or the lowest per gigabyte pricing.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-options
| Question.73 You have Azure subscription that includes data in following locations:  You plan to export data by using Azure import/export job named Export1. You need to identify the data that can be exported by using Export1. Which data should you identify? (A) DB1 (B) Container1 (C) Share1 (D) Table1 |
73. Click here to View Answer
Answer is (B) Container1
Azure Import/Export service supports the following of storage accounts:
– Standard General Purpose v2 storage accounts (recommended for most scenarios)
– Blob Storage accounts
– General Purpose v1 storage accounts (both Classic or Azure Resource Manager deployments),
Azure Import/Export service supports the following storage types:
– Import supports Azure Blob storage and Azure File storage
– Export supports Azure Blob storage. Azure Files not supported.
Only container1 can be exported.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-requirements
| Question.74 You have an Azure Storage account named storage1. You have an Azure Service app named App1 and an app named App2 that runs in an Azure container instance. Each app uses a managed identity. You need to ensure that App1 and App2 can read blobs from storage1. The solution must meet the following requirements: -Minimize the number of secrets used. -Ensure that App2 can only read from storage1 for the next 30 days. What should you configure in storage1 for each app?  |
74. Click here to View Answer
Box 1: Access Control (IAM)
Since the App1 uses Managed Identity, App1 can access the Storage Account via IAM. As per requirement, we need to minimize the number of secrets used, so Access keys is not ideal.
Box 2: Shared access signatures (SAS)
We need temp access for App2, so we need to use SAS.
A shared access signature (SAS) provides secure delegated access to resources in your storage account without compromising the security of your data. With a SAS, you have granular control over how a client can access your data. You can control what resources the client may access, what permissions they have on those resources, and how long the SAS is valid, among other parameters.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview
https://docs.microsoft.com/en-us/azure/storage/common/storage-auth
| Question.75 You need to create an Azure Storage account that meets the following requirements: Minimizes costs Supports hot, cool, and archive blob tiers Provides fault tolerance if a disaster affects the Azure region where the account resides How should you complete the command?  |
75. Click here to View Answer
Box 1: StorageV2
You may only tier your object storage data to hot, cool, or archive in Blob storage and General Purpose v2 (GPv2) accounts. General Purpose v1 (GPv1) accounts do not support tiering.
General-purpose v2 accounts deliver the lowest per-gigabyte capacity prices for Azure Storage, as well as industry-competitive transaction prices.
Box 2: Standard_GRS
Geo-redundant storage (GRS): Cross-regional replication to protect against region-wide unavailability.
Incorrect Answers:
Locally-redundant storage (LRS): A simple, low-cost replication strategy. Data is replicated within a single storage scale unit.
Read-access geo-redundant storage (RA-GRS): Cross-regional replication with read access to the replica. RA-GRS provides read-only access to the data in the secondary location, in addition to geo-replication across two regions, but is more expensive compared to GRS.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-grs
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers
| Question.76 You have an Azure subscription that contains the storage accounts shown in the following table.  You need to identify which storage account can be converted to zone-redundant storage (ZRS) replication by requesting a live migration from Azure support. What should you identify? (A) Storage1 (B) Storage2 (C) Storage3 (D) Storage4 |
76. Click here to View Answer
Live migration is supported only for storage accounts that use LRS or GRS replication. If your account uses RA-GRS, then you need to first change your account’s replication type to either LRS or GRS before proceeding. This intermediary step removes the secondary read-only endpoint provided by RA-GRS before migration. ZRS supports general-purpose v2 accounts only.
A: Incorrect – General purpose v1.
B: Correct – General purpose v2 + LRS.
C: Incorrect – RA-GRS needs to be converted to LRS before Live migration request to ZRS.
D: Incorrect – Only premium blob blocks are supported by ZRS.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs
https://docs.microsoft.com/en-us/learn/modules/provide-disaster-recovery-replicate-storage-data/2-evaluate-data-redundancy-options
| Question.77 You have an Azure subscription that contains a storage account named account1. You plan to upload the disk files of a virtual machine to account1 from your on-premises network. The on-premises network uses a public IP address space of 131.107.1.0/24. You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24. You need to configure account1 to meet the following requirements: -Ensure that you can upload the disk files to account1. -Ensure that you can attach the disks to VM1. -Prevent all other access to account1. Which two actions should you perform? (A) From the Firewalls and virtual networks blade of account1, select Selected networks. (B) From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services to access this storage account. (C) From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range. (D) From the Firewalls and virtual networks blade of account1, add VNet1. (E) From the Service endpoints blade of VNet1, add a service endpoint. |
77. Click here to View Answer
Answers are;
A. From the Firewalls and virtual networks blade of account1, select Selected networks.
C. From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range.
Virtual machine disk traffic (including mount and unmount operations, and disk IO) is not affected by network rules. REST access to page blobs is protected by network rules.
You can use IP network rules to allow access from specific public internet IP address ranges by creating IP network rules. Each storage account supports up to 200 rules. These rules grant access to specific internet-based services and on-premises networks and blocks general internet traffic.
Reference:
https://docs.microsoft.com/en-gb/azure/storage/common/storage-network-security?tabs=azure-portal
| Question.78 You plan to create an Azure Storage account in the Azure region of East US 2. You need to create a storage account that meets the following requirements: -Replicates synchronously. -Remains available if a single data center in the region fails. How should you configure the storage account?  |
78. Click here to View Answer
Box 1: Zone-redundant storage (ZRS)
Zone-redundant storage (ZRS) replicates your data synchronously across three storage clusters in a single region.
LRS would not remain available if a data center in the region fails
GRS and RA GRS use asynchronous replication.
Box 2: StorageV2 (general purpose V2)
ZRS only support GPv2.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs
| Question.79 You plan to use the Azure Import/Export service to copy files to a storage account. Which two files should you create before you prepare the drives for the import job? (A) An XML manifest file (B) A dataset CSV file (C) A JSON configuration file (D) A PowerShell PS1 file (E) A driveset CSV file |
79. Click here to View Answer
B: Modify the dataset.csv file in the root folder where the tool resides. Depending on whether you want to import a file or folder or both, add entries in the dataset.csv file
E: Modify the driveset.csv file in the root folder where the tool resides.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-data-to-files
| Question.80 You have an Azure subscription named Subscription1 that contains the resources shown in the following table.  In storage1, you create a blob container named blob1 and a file share named share1. Which resources can be backed up to Vault1 and Vault2?  |
80. Click here to View Answer
Box 1: VM1 only
VM1 is in the same region as Vault1.
File1 is not in the same region as Vautl1.
SQL is not in the same region as Vault1.
Blobs cannot be backup up to service vaults.
Note: To create a vault to protect virtual machines, the vault must be in the same region as the virtual machines.
Box 2: Share1 only
Storage1 is in the same region (West USA) as Vault2. Share1 is in Storage1.
Note: After you select Backup, the Backup pane opens and prompts you to select a storage account from a list of discovered supported storage accounts. They’re either associated with this vault or present in the same region as the vault, but not yet associated to any Recovery Services vault.
Reference:
https://docs.microsoft.com/bs-cyrl-ba/azure/backup/backup-create-rs-vault
https://docs.microsoft.com/en-us/azure/backup/backup-afs